HTTPS / SSL

October 2017 Update – As of October 2017, Google will now be displaying “warnings” to websites that don’t have SSL enabled for Chrome users. While this is not considered a penalty, it could definitely lead to driving users away from your site which could cause ranking issues. Again, just a guess but we know for a fact that this warning is coming, and it will behoove webmasters to enable HTTPs. Note: the warning will only appear on sites that have forms, which is basically every site on the web.

We are already starting to see warnings in Google Search Console:

As of August 2014, Google has announced that having HTTPS encryption enabled on your website by default is a ranking signal in Google. In an effort to help make their search engine more safe, they are encouraging people to switch to HTTPS by making this a positive ranking factor. Google claims that it is a very “lightweight” signal and affects fewer than 1% of all queries. If that is not enough to make you beleive HTTPS is good for SEO, consider what Gary Illyes, Webmaster Trends Analyst at Google said recently:

If you’re an SEO and you’re recommending against going HTTPS, you’re wrong and you should feel bad.

While this is a bold statement and plenty of seasoned SEO’s had something to say about this, you can’t argue with the man behind the curtain. Google has also been very reluctant to release official ranking factors to the general public.

But not so fast, don’t go buying an SSL certificate just yet, there are a lot of considerations to be made before you go switching your server around. Remember when you switch your website to HTTPS, Google considers this a separate version of your website, so you’ll have to get all of your results re-indexed in the search engine. You also need to add the new “version” of your website to Google Search Console.

The first step in getting HTTPS enabled on your website is to obtain an SSL certificate. You can find these almost anywhere, but you’ll have to do your due diligence as not all SSL certificates are the same. My personal preference is Global Sign but there are many options.

Once you choose a vendor, you will have to choose what type of SSL certificate you need. There are 3 major types of SSL certificates:

Extended Validation (most thorough)

Organization Validation

Domain Validation (least thorough)

We really can’t go into how to install an SSL certificate on your website within this guide, because it truly depends on so many factors such as the type of website you have, the server you are running the operating system on your server and so much more.

Also, for those webmasters that have cPanel or WHM you can enable “auto-SSL” which can (like the name implies) automatically enable SSL

Whatever your situation is, I would put aside a full day to reconfigure your website and make sure to have your network admin handy in case something breaks.

On-Page SEO Considerations and Benefits

We’ve already stated this, but clearly the largest benefit is the fact that Google now considers this a ranking factor. Google has said in the past that there are over 200 ranking factors, some having more power than others.

In addition to the rankings boost you might receive you also might get some referrer data that you weren’t getting before you had your SSL certificate installed. When web traffic passes from an HTTPS > HTTPS website which is becoming more and more popular that referrer data is preserved in your analytics which can provide you with some great data about your visitors that you didn’t have access to before.

All types of certificates will “work” for Google, but only the extended validation certificates will give you the coveted “green bar” in your web browser. While this may not be a direct rankings boost, on websites like eCommerce shops this can act as a trust signal and help keep visitors on your website longer, and coming back for more. These factors have been known to affect SEO so it is something to consider.

There are a ton of resources that have to be updated when switching to HTTPS. For instance your sitemaps, your robots.txt files, canonical elements and even your analytics tracking code needs to be changed.

Once you think you have everything up and running, you can use Google Search Console’s fetch and render tool to see if things are working properly, and how Google renders your site.

Common Mistakes and Pitfalls

There are a number of common pitfalls and considerations when installing an SSL certificate. Some of these include:

As time goes on and we learn more about how HTTPS plays a role in SEO. Before you go installing an SSL certificate on your website, re-read this article and do as much research if you can.

Pay special attention if you are an SEO that manages a very large and old website with lots of pages. The more complicated and dynamic your website is, the more factors that come into play when configuring an SSL certificate on your website.

Installing an SSL certificate might only take 30 minutes, but configuring it for SEO could take hours or even days. Mis-configure your SSL and you could be in a world of hurt from an SEO perspective. Configure it properly and you could experience some very nice rewards on your website.

Also it is helpful to “force” SSL on all pages, that way if someone lands on a non-SSL page they’ll get properly redirected. I like to use this snippet:

SEO Benefits of SSL

Entering a controversial subject, so if you are an advanced network programmer or engineer, please don’t hate us! Over the past year or so with the increase of popularity in HTTP2 and SPDY, there is a huge camp of people that say that having HTTPS enabled can actually increase your website speed!

If you really want to blow your mind check out this website titled “http vs https” again geared towards Chrome users with perfect HTTPS implementations, but in the coming years all browsers and sites will catch up to this technology, and this will be a reality across the WWW.

So we know HTTPS is a ranking signal, and we know that site speed is a ranking signal , and if enabling HTTPS can lead to speed increases (sometimes) then this can be a double win!

Lastly

Just remember, improper implementation of SSL can lead to some harsh consequences for you site including: